With Internet use forming an ever greater part of day-to-day life, malicious software, often called “malware,” that steals or destroys system resources, data, and private information is an increasing problem. Governments and businesses devote significant resources to preventing intrusions by malware. Malware comes in many forms, such as computer viruses, worms, trojan horses, spyware, keystroke loggers, adware, rootkits, and ransomware. Some of the threats posed by malware are of such significance that they are described as cyber terrorism or industrial espionage.
To counter these threats, governments, enterprises, and individuals use a range of security applications and services. Typically, these applications and services scan a device for a signature of certain malware. Responsive to finding the signature, the applications and services quarantine or delete the malware. However, these applications and services often miss more sophisticated security exploits, and they are often not configured to detect malware or take any action until the malware has gained a substantial foothold on a device or caused irreversible damage.
For example, one genus of malware seeks to modify files for a variety of reasons. This genus can include wipers and ransomware, which share some behavioral similarities but serve different purposes. Wipers are designed to destroy data on a device through any of a number of different methods. Some wipers write over portions of data files to make the data files unusable to an unsophisticated user. Other, more seriously damaging wipers write over data and may do so multiple times using random sequences of data in order to make recovery of any data more difficult or impossible.
Another family of file-modifying malware can include some forms of ransomware that hold data hostage in exchange for a ransom of some kind. Often, this form of ransomware encrypts a portion of a computer's memory and notifies the user that the user will be provided with a way to decrypt the memory in exchange for payment. Once the files have been encrypted, there is usually little or nothing even an advanced user can do to recover the encrypted data. Malware of this nature is of great concern for corporations, government entities, or other entities that store valuable or unproduceable data, and it has become prevalent because of its lucrative nature.
Due to their scalability and the similarity of their behavior to normal computer operations, these forms of malware can compromise data before current measures are able to detect their presence. This failure to act early enough in the malware's attempt to effect crippling modifications to data can result in substantial damage, loss, or difficulty in reversing the modifications.